I have tried several times to find a free proxy server and firewall for the Windows server in my office, but I had no luck until three days ago.
I have been stressed by colleagues running BitTorrent downloads or downloading big files with a download manager during office hours. Both torrent clients and download managers suck up all the bandwidth, so other users can barely browse the web.
What I wanted first was the ability to cap the bandwidth for specific IPs on the network. I wanted to cap the bandwidth of torrent users and heavy downloaders as low as possible until they suffer from a very slow connection (hell yeah, I want revenge).
I found good software on the internet called Bandwidth Controller. It does what I want, but to use it I would have to pay hundreds of dollars, and I guess the company would not want to spend that much on expensive software. There is a free version, but its limitations make it useless on my office network, so I just uninstalled it.
Many people already know Squid Cache; it is the best open source proxy server. I knew about Squid, but the problem was that my server runs Windows 2003 and Squid, as far as I knew, only runs on Linux. Later I found out that Guido Serassio of Acme Consulting S.r.l. has already ported Squid to a Windows version called SquidNT.
So I downloaded and installed SquidNT on the server, configured a delay pool for bandwidth shaping and tested it. SquidNT works like a charm. The bandwidth shaping does work, although it is applied to the whole network. I don't yet know how to set up the delay pool for each IP connection automatically, but for the time being the default delay pool configuration is sufficient.
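Added example, not from the original post: a squid.conf fragment that shapes each client IP separately instead of the whole network, using a class 2 delay pool (one aggregate bucket plus one bucket per host in the /24). It assumes the Squid 2.x syntax that SquidNT uses, the office LAN 192.168.0.0/24 from the firewall rules, and a per-client rate of 8000 bytes/sec, which are my own choices and not values from the post.

```conf
# Added example (not from the post): per-client shaping with a class 2 delay pool.
# Assumes Squid 2.x syntax (SquidNT) and the office LAN 192.168.0.0/24.
acl lan src 192.168.0.0/24

delay_pools 1
# class 2 = one aggregate bucket for the pool plus one bucket per client IP
delay_class 1 2
# only LAN clients are shaped; everything else is not matched by the pool
delay_access 1 allow lan
delay_access 1 deny all
# aggregate unlimited (-1/-1); each client: 8000 bytes/sec refill, 8000 byte bucket
# (restore rate / bucket size, both in bytes)
delay_parameters 1 -1/-1 8000/8000
# start every bucket full so the first page load is not throttled
delay_initial_bucket_level 100
```

Squid's delay pools only see traffic that actually passes through the proxy, so this shapes web browsing per client but does nothing for a torrent client talking directly to the internet; that is exactly why the firewall step below is still needed. Lower the per-client numbers in delay_parameters to slow a heavy downloader further, and check `cache.log` after a `squid -k reconfigure` for syntax complaints.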
For a guide on installing SquidNT, please see my post: Installing Squid Cache for Windows
The next thing I had to do was force all users to browse the internet through the proxy server. At first I wanted to set up a transparent proxy, so users would not need to set up a proxy configuration in their browser.
To set up a transparent proxy, I need to forward all requests to port 80 (HTTP) to the port that the Squid proxy server uses. To do this I use the WIPFW firewall, which is a port of the FreeBSD IPFW firewall. I got the information about WIPFW from my university administrator, Haryo. I applied the rules he gave me for port forwarding:
add fwd 127.0.0.1,<squid port> tcp from any to any 80 in
add allow tcp from 192.168.0.0/24 to any <squid port> in via eth4
Note: eth4 is the NIC for the local LAN in my office.
I applied it in WIPFW, but it seems it doesn't work. Users still connected directly to the internet and not via the proxy server. So the easy solution is to ask all users to set up the proxy server configuration in their browser. The problem is how to force them to use it? They can still browse the internet without the proxy server anyway. Telling them that the proxy server will help speed up their browsing experience doesn't interest them.
In that case I need to force users to set up the proxy server in their browser, or they can't browse the internet. It's easy: just block all requests to port 80 and open connections to the proxy server's port. A nice dirty trick that works!
Note: for a guide on installing WIPFW, please see my post: WIPFW Free Firewall For Windows
The solution I wrote above is actually not what I really want, as I can't cap the bandwidth of torrent connections. But if a user starts torrenting and uses all the bandwidth, I'll just block him with WIPFW so he can't connect to the internet at all.
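Added example, not from the original post: the "block port 80, allow the proxy port" trick written out as IPFW rules in the same syntax as the forwarding rules above. It assumes the server's LAN address is 192.168.0.1, that Squid listens on 3128 (the post only says <squid port>), and that the server is the LAN's default gateway so client traffic actually passes through it; those are my assumptions, the LAN 192.168.0.0/24 and interface eth4 come from the post.

```conf
# Added example (not from the post). Assumed: server LAN IP 192.168.0.1,
# Squid on 3128, server is the default gateway. Rule numbers are arbitrary.

# LAN clients may reach the proxy port on this server
add 100 allow tcp from 192.168.0.0/24 to 192.168.0.1 3128 in via eth4

# the server itself (Squid) may fetch pages from the internet
add 200 allow tcp from 192.168.0.1 to any 80 out

# everything else from the LAN to port 80 is refused, so browsers must use the proxy
add 300 deny tcp from 192.168.0.0/24 to any 80 in via eth4
```

Rule order matters: the allow for the proxy port (100) has to come before the deny (300), and the server's own outbound HTTP (200) must not be caught by the deny or Squid itself cannot fetch anything. If users also browse HTTPS sites, a matching deny for port 443 is needed, since Squid handles those through CONNECT on its own port anyway. To verify, run `ipfw list` and `ipfw show` on the server: the deny rule's packet counter climbing while a client without a proxy setting gets connection errors is the sign the block is doing its job.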